Malware Analysis Report

2025-01-02 06:08

Sample ID: 241202-wza4rswldz
Target: 2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer
SHA256: 83008b5d79cd91927f152e4da334ecf90fc6d278ef72b1a5a90cfbd204c57e65
Tags: socelars, discovery, spyware, stealer
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 83008b5d79cd91927f152e4da334ecf90fc6d278ef72b1a5a90cfbd204c57e65

Threat Level: Known bad

The file 2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer was found to be: Known bad.

Malicious Activity Summary

socelars discovery spyware stealer

Socelars

Socelars family

Socelars payload

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Kills process with taskkill

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-12-02 18:21

Signatures

Socelars family

Tags: socelars

Socelars payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-12-02 18:21
Reported: 2024-12-02 18:23
Platform: win7-20240903-en
Max time kernel: 37s
Max time network: 139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe"

Signatures

Socelars

Tags: stealer, socelars

Socelars family

Tags: socelars

Reads user/profile data of web browsers

Tags: spyware, stealer

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | iplogger.org | N/A | N/A
N/A | iplogger.org | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\content.js | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
File created | C:\Program Files\aieoplapobidheellikiicjfpamacpfd\manifest.json | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
File created | C:\Program Files\aieoplapobidheellikiicjfpamacpfd\background.html | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
File created | C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\aes.js | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
File created | C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
File created | C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\jquery-3.3.1.min.js | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
File created | C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\mode-ecb.js | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
File created | C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\pad-nopadding.js | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
File opened for modification | C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
File created | C:\Program Files\aieoplapobidheellikiicjfpamacpfd\icon.png | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A

Browser Information Discovery

Tags: discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Kills process with taskkill

Tags: evasion

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeCreateTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeMachineAccountPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeTcbPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeCreatePermanentPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeChangeNotifyPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeSyncAgentPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeEnableDelegationPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeCreateGlobalPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: 31 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: 32 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: 34 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A
Token: SeShutdownPrivilege (29 identical rows) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A (34 identical rows) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A (32 identical rows) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2360 wrote to memory of 2768 (4 identical rows) | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | C:\Windows\SysWOW64\cmd.exe
PID 2768 wrote to memory of 2876 (4 identical rows) | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\taskkill.exe
PID 2360 wrote to memory of 2656 (4 identical rows) | N/A | C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2864 (3 identical rows) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 708 (39 identical rows) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2700 (3 identical rows) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 480 (7 identical rows) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe

"C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d89758,0x7fef6d89768,0x7fef6d89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2260 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2508 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1324 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3440 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1312,i,7256137737723310112,15306521054067946986,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.icodeps.com udp
US 172.232.31.180:443 www.icodeps.com tcp
US 172.232.31.180:443 www.icodeps.com tcp
US 172.232.31.180:443 www.icodeps.com tcp
US 172.232.31.180:443 www.icodeps.com tcp
US 8.8.8.8:53 iplogger.org udp
US 172.67.74.161:443 iplogger.org tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.3:80 c.pki.goog tcp
US 8.8.8.8:53 ferramentasadicionais.s3.sa-east-1.amazonaws.com udp
US 8.8.8.8:53 m.facebook.com udp
BR 3.5.232.1:443 ferramentasadicionais.s3.sa-east-1.amazonaws.com tcp
DE 157.240.27.35:443 m.facebook.com tcp
BR 3.5.232.1:443 ferramentasadicionais.s3.sa-east-1.amazonaws.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 naro-sys-log.s3.amazonaws.com udp
US 3.5.22.30:443 naro-sys-log.s3.amazonaws.com tcp
US 8.8.8.8:53 secure.facebook.com udp
DE 157.240.27.14:443 secure.facebook.com tcp
DE 157.240.27.14:443 secure.facebook.com tcp
US 8.8.8.8:53 hyhjuer.s3.eu-west-3.amazonaws.com udp
FR 16.12.19.18:443 hyhjuer.s3.eu-west-3.amazonaws.com tcp
US 8.8.8.8:53 www.11111111.xyz udp
US 52.20.84.62:80 www.11111111.xyz tcp
US 8.8.8.8:53 domains.atom.com udp
US 104.22.72.252:443 domains.atom.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
FR 23.15.179.154:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
DE 2.18.97.123:80 www.microsoft.com tcp
DE 157.240.27.14:443 secure.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
DE 157.240.27.14:443 secure.facebook.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 www.listfcbt.top udp
US 8.8.8.8:53 www.facebook.com udp
DE 157.240.27.35:443 www.facebook.com udp
US 8.8.8.8:53 www.typefdq.xyz udp
US 8.8.8.8:53 secure.facebook.com udp
DE 157.240.27.14:443 secure.facebook.com udp
US 8.8.8.8:53 www.rqckdpt.top udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com udp

Files

\??\pipe\crashpad_2656_IBWXAMOCQUQEHGLC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 02f5b70e7eb887dc341fbea1cd956155
SHA1 e301da9da86e7dfcdfb04c5a7ffa0d6722e3762d
SHA256 1be768f9f9f537ad277ffee8033252284a856c860c9f294f4da3031e64ad9627
SHA512 d5e57e4cf46c91aecbeb7cd48685f1a88009c9b6d05dbc3660cbb7289480ba35c9841e6ab54065227406a9142d0062d7d4daf13b6118a7e40cf022fee9322c35

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\icon.png

MD5 c8d8c174df68910527edabe6b5278f06
SHA1 8ac53b3605fea693b59027b9b471202d150f266f
SHA256 9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5
SHA512 d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\content.js

MD5 f79618c53614380c5fdc545699afe890
SHA1 7804a4621cd9405b6def471f3ebedb07fb17e90a
SHA256 f3f30c5c271f80b0a3a329b11d8e72eb404d0c0dc9c66fa162ca97ccaa1e963c
SHA512 c4e0c4df6ac92351591859a7c4358b3dcd342e00051bf561e68e3fcc2c94fdd8d14bd0a042d88dca33f6c7e952938786378d804f56e84b4eab99e2a5fee96a4c

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\jquery-3.3.1.min.js

MD5 a09e13ee94d51c524b7e2a728c7d4039
SHA1 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
SHA256 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
SHA512 f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\manifest.json

MD5 6da6b303170ccfdca9d9e75abbfb59f3
SHA1 1a8070080f50a303f73eba253ba49c1e6d400df6
SHA256 66f5620e3bfe4692b14f62baad60e3269327327565ff8b2438e98ce8ed021333
SHA512 872957b63e8a0d10791877e5d204022c08c8e8101807d7ebe6fd537d812ad09e14d8555ccf53dc00525a22c02773aa45b8fa643c05247fb0ce6012382855a89a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\background.html

MD5 9ffe618d587a0685d80e9f8bb7d89d39
SHA1 8e9cae42c911027aafae56f9b1a16eb8dd7a739c
SHA256 a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
SHA512 a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js

MD5 d7cf86f8e2b4f2fa96e4d8e67a02914f
SHA1 213c98377150455a802ec533acca4d93a7ce9bb5
SHA256 34d56f4407221d8f367edb48597f4528bc36d007fa9465b7cf68c719da4d4d70
SHA512 ba322dc0dc98eaa0fd1e71c0553d3ed053d482e39c0f566cf66969653dd1be1201e9abf654cfcfaff0fa8b1040e1d3691add139554337717031c20689a7c17e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\aieoplapobidheellikiicjfpamacpfd\CURRENT~RFf76c2e2.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\pad-nopadding.js

MD5 0f26002ee3b4b4440e5949a969ea7503
SHA1 31fc518828fe4894e8077ec5686dce7b1ed281d7
SHA256 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
SHA512 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\mode-ecb.js

MD5 23231681d1c6f85fa32e725d6d63b19b
SHA1 f69315530b49ac743b0e012652a3a5efaed94f17
SHA256 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
SHA512 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\aes.js

MD5 4ff108e4584780dce15d610c142c3e62
SHA1 77e4519962e2f6a9fc93342137dbb31c33b76b04
SHA256 fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
SHA512 d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

C:\Users\Admin\AppData\Local\Temp\CabC3BC.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Temp\TarCD60.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69e976e105278ea75e891d0afb9438ad
SHA1 7c083e000c837e9ec83546b2b4b0844d78724af6
SHA256 140049be570c9ff5db87ba22af8485f0729dd7daa294c8f6a5c32b6d4a87b71a
SHA512 860ada034b23d3a2eb1ead8475282c2a9584a248bce697fd03ac4d4455a2c1148bc95fe0a88a83c8c60bbcf0e126b733e8013bb1c05c520acdf9ddcbaab238f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 084368f0991afaa451f8b3359c0ff5bd
SHA1 f8f9050d0b5f70369e3c6c790f6b66abb14fe426
SHA256 0039d1f31988d55a13fde6bab395836af263222bd57b3611794cefb58fcba3bf
SHA512 d72dac106857413cb0a613395db912bf2bc90d0f1de2710228ef10a1896c19766c739b57a379786b34e096945925f7b485b1f4312ee51f96cfba8725fb1510a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43b23b4af0a59b9503e7377a3dd4b58f
SHA1 69739c9884dbd6af8efa4317e52d232525e1a62d
SHA256 48de8081877f75d4ca6bdda0cc52e41a75d432479d44819a11729631dfc2d942
SHA512 4740c89693446fc3e003fd14a81db494de03a45a10c52941c2932fe1d1f416cdc17b04637d8753d4e52e3b9aa496b5c57bbc90a5c43cb4abf01c5bae5d002f1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 c9f93f2db7f21b566e4d4541a96afc34
SHA1 8259f32ca550c8880c92d5011753041b5c5c66ba
SHA256 6c194d1fb1cb84de21fec07a2fb0ba3279ed3b889b6c602ada502c54c57c95ca
SHA512 b041967c7c35dab506dc2f1b2832ee75d325e924bef9d6bd0d0dd89b4dbdcbbd6fbd963826fa66b800b3ba07835c88f714bb636ddd567047cc39653706ca0620

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2757907f1099e4d105c5bd87679bf118
SHA1 9d9813526b8d34dd2b6a46cea6800061298084de
SHA256 d8f77c9268a4e9c46eada9517cd230402790cccbfad58991c87bf977745e2f21
SHA512 1526d46265f4849527fbdeaf8615454665e57aa8be9e412db6029d9ca4fb58f16ba17b67b932f441cc9550d67199dde20c7088db2191345649a1b70ae2670046

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a5e0a964562b9a868ef479c47ba16b9
SHA1 77dc69a5da6299e0f0deaee4e029bba8ec05761b
SHA256 fe3719340d8553447b1ba98c0d84be821f9f5780864064063f5d2846ac475b2b
SHA512 60ca08d930abefd06b201d6b62af1d34a4b06590c0a1d555f6b6a9cf8a18a08ea7120b01aeacb4bfd061e11ca15ff77bd4af3d35fdfb8ae30b631c91bf3d5831

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5dc4c426f37c823d08204c6f7d68cc6a
SHA1 9f120e024e3446357860b5d74fb5cab3f7d63390
SHA256 fdef00b626fbebad2c338d8b17987812fa19017f37d47ea600b0b902b45cff44
SHA512 c65b2026974e5a7e2361f1ee6bf2cc85ef01a8ae72c44a22e259d322f3c8e0db04278f4a468e9519b4312dae92bddab9aacafc0899a1d4024695406d06e873ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 971c514f84bba0785f80aa1c23edfd79
SHA1 732acea710a87530c6b08ecdf32a110d254a54c8
SHA256 f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA512 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 c3b31cc60360fdef7f8ae53f80e1e916
SHA1 7fb71ec82d6ce84ac8ef78dd4a6bcaed698d9bbd
SHA256 7ef854cd7379aa1f65f5408be5c6f2a3d7379d7580c02a3dca31c5130aba2f9b
SHA512 d9965c07a2643361f0372eb2233be22fa572f818c9e5963be9670856e5e575316f67f3a390321f4619b572fa7a5f5b64d8ba8dd6c54ee098f9513ec6469291d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 67e486b2f148a3fca863728242b6273e
SHA1 452a84c183d7ea5b7c015b597e94af8eef66d44a
SHA256 facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb
SHA512 d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 05f2f99dd2ec67393a27283e305e8f87
SHA1 418f4b6c1d806089dc5d08d5bf0bade783c114d4
SHA256 1a363b8acf723f4bc520bfa0221e0b3a3977c69a035846f5dbd02939ac80e715
SHA512 d1254604b9ae05a717c9c8c38f373c77ef9b0a5f32aada3f580eb2331387c36bac1612673b7b7e24d6c3e35c0c897a018be2e1e87b204a0d7c268cf5038dacf7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c49bd271c9bd89a9cf58acfde73c28af
SHA1 9e14bc65a473eb35963dd1a99756eccadb79610e
SHA256 9b4e9d3e1fa66205d6fd35df8e3e3f2b35b969503b6ced222f44125be4c21d5f
SHA512 1062a759730311e874acef79daad51035175b516d94f635efd50d9fedaeb277a4449bc070e6101958836f9d3e1da8ea23874289378ab193ebfccc3067380ffdb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 731c8a608f96f62d53e930aaa7abb292
SHA1 856b4b341d9ed13574ab4235bbadcc4045313261
SHA256 d5180063c51f30e9f24af7f3241c0c8d11a7fc2b6477a78813f11f23e363f4c1
SHA512 805731bad55c07df87c6faa8daa2a7742786559323c6bc6bf29c5d17561e200b8f7cb0c94e26a0278f310be7090f68271525ee5d1f6cd8bbd552d281235ce613

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4979bba53615b19aeaf639c84f4df0d2
SHA1 2a6e7561e701c42efe33081e85681ede7e6e43d9
SHA256 0122a123a842f029925a1058bfce7e1c5f8a3afe69dd7170ed9b6f3fd9a968ac
SHA512 78ad52cd8afe72fe7cf0de7d57b7c35fb7b625b44f68898ae746524a5bfe76d11718462460249d7488532105a2286f8245682850e2aee2f08a19ffd92c6ccb8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 35140d2d526cf73f9efe6f0c7d064315
SHA1 9cd833e64f02aa50e28fcf68509ded82d4d8dd4b
SHA256 a36f4c534b0f93c2e65a3ee6cc547f448b77690943e880c3d843192f07f8ed7e
SHA512 8801db3bf8a9362fa665812edb3edda9758b54fadcc4766d21d2e8619154ad63eb4d1fa17aa2de08b91c81e827a6275188a4ee204e2a1ead12e32bece78c623c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6c797373c1e1c4a336d194481aa616bc
SHA1 9f25becfb5d4f80df9245eff84a42073cad25956
SHA256 7a933c3feecc289159b8a8dda48a9c6ac43ede0bcac5c7437aa40be8f5a9c321
SHA512 3384ea67e44a297c116d7e9e6a370166b6cbae18ecda68c96d73857d4a0475536f3b7110fa5fca2d0f6037ff1f8feefa90fed9cb957f1ea8527d65f6309e40c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 52e21b5768cb1bb48037c5d99712a0cb
SHA1 24ac8d5761d5ee3963ff76cd3649a7b84db8d9ae
SHA256 49815ee7d833e89044d91be5f6dbdab8a64e43eab47cd367067dbda937f86c9d
SHA512 d2a92c517ee5ee1d8518b47c7c9bf3cd02caa563581b7cb950d79a47de196bf1dd7d3b4d7d8dc9f1c31502890c1124c7eaf6a2686f0be0a5e5048c46d1deda7e

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-02 18:21

Reported

2024-12-02 18:23

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe"

Signatures

Socelars

stealer socelars

Socelars family

socelars

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A iplogger.org N/A N/A
N/A iplogger.org N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\aieoplapobidheellikiicjfpamacpfd\background.html C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
File created C:\Program Files\aieoplapobidheellikiicjfpamacpfd\icon.png C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
File created C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\aes.js C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
File created C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\content.js C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
File created C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\jquery-3.3.1.min.js C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
File created C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
File created C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\mode-ecb.js C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
File created C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\pad-nopadding.js C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
File created C:\Program Files\aieoplapobidheellikiicjfpamacpfd\manifest.json C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
File opened for modification C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133776372796224604" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: 31 N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: 32 N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3736 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe C:\Windows\SysWOW64\cmd.exe
PID 2340 wrote to memory of 1416 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 3736 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2460 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2460 wrote to memory of 2656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2460 wrote to memory of 1528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2460 wrote to memory of 4404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe

"C:\Users\Admin\AppData\Local\Temp\2024-12-02_b7b097c90a2ca190d554090898124dbf_avoslocker_luca-stealer.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcc2ebcc40,0x7ffcc2ebcc4c,0x7ffcc2ebcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1988,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1980 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2008 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2424 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3108,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3784,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3832 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4636,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4924,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5180,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3100,i,1654832391514942404,10133416262582272672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

\??\pipe\crashpad_2460_VNOKODMRCVQNMPWG

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\content.js

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\jquery-3.3.1.min.js

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\icon.png

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\manifest.json

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\background.html

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\pad-nopadding.js

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\aes.js

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\mode-ecb.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State